Kerberos Client Received KRB_AP_ERR_TKT_NYV Error

Further to the problem mentioned in the previous blog post. It was found that the below entry appears in the Windows System Event log of the member servers:

Event ID 5 - The kerberos client received a KRB_AP_ERR_TKT_NYV error from the server KANDTIDC1$. This indicates that the ticket presented to that server is not yet valid (due to discrepancy between ticket and server time). Contact your system administrator to make sure the client and server times are synchronized, and that the time for the Key Distribution Center Service (KDC) in realm kandti.com is synchronized with the KDC in the client realm.

I did a check on the date and time of the domain controller KANDTIDC1 and found that both the date and time are incorrect. The correct date and time were then keyed in for the domain controller and a re-boot was carried out for all the member servers.

After the re-boot, the abovementioned error message does not appear in the Windows System Event log anymore. I tried connecting to the member servers using the server name and I am able to connect without any problem.

Remote Desktop Cannot Verify The Identity Of The Remote Computer

I had been able to connect to the Windows 2012 Server Cores from a Windows 2003 Server via Remote Desktop Connection using the server name but somehow I am not able to do so today.  I was greeted with the error message:

Remote Desktop cannot verify the identity of the remote computer because there is a time or date different between your computer and the remote computer. Make sure your computer’s clock is set to the correct time, and then try connecting again. If the problem occurs again, contact your network administrator or the owner of the remote computer.

I checked that the date and time of both the source and target servers are correct.  I tried a suggested solution found on the internet by changing the connection setting for the Remote Desktop Connection from “Automatically detect RD Gateway server settings” to “Do not use an RD Gateway server” under Options > Advanced > Settings.  I was greeted with the same error message when I tried to connect again.

In the end, I managed to connect using the IP address of the targeted Windows 2012 Server Cores instead.  I was then able to connect to it successfully without the initial error message.